News

Lincoln College has announced that it will close this week, likely as a result of a ransomware attack that took months to resolve. While the disruption caused by COVID-19 played a role in the college's closure, the cyberattack, which prevented access to recruitment and fundraising services for months, seems to have been the final nail in the coffin. NBC has reported that Lincoln College in the first college or university in US history to close partly...

The National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed today. The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative ahead of today's flagship CYBERUK summit. According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails. It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular....

“We have never been closer to a cataclysmic cyber event,” warns Nicole Perlroth, New York Times’ cybersecurity journalist, at this year’s KB4-Con in Orlando, Florida. Perlroth begins her talk by painting a picture of today’s sombre reality, highlighting the threat of Russian cyberattacks on our critical infrastructure and the latest discovery of Pipedream – the seventh known malware developed to disrupt industrial control systems. When she first joined NYT in 2010, Perlroth was hired to...

Rodrigo Chaves, President of Costa Rica, has declared a national emergency following a series of cyberattacks on government bodies. According to BleepingComputer, Conti has published the majority of the 672 GB of data appearing to belong to Costa Rican government agencies. Chaves signed the declaration into law on Sunday, May 8th, the same day that the former Minister of Finance effectively became the nation's 49th and current president. Conti ransomware had claimed the attacks on...

Authorities in the US have offered up to $15 million in rewards for information leading to the identification, arrest, and/or conviction of any individual affiliated with Conti ransomware variant attacks. The money, offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), is split into two pots: up to $10m for information on the identity or location of any individual who holds or has held a "key leadership position" in Conti; and up...

President Joe Biden signed a national security memorandum (NSM) on Thursday calling for government agencies to implement measures to mitigate risks posed by guantum computers to US national cyber security. The NSM highlights the dangers of cryptanalytically relevant quantum computers (CRQC), including their potential ability to brake public-key cryptography. Immediate risks include: Endangering civilian and military communications. Undermining supervisory and control systems for critical infrastructure. Defeating security protocols for the vast majority of Internet-based financial transactions....

NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) has admitted South Korea, the first Asian country to join. The country's National Intelligence Service (NIS) made the announcement today, noting that it will represent South Korea in the centre's training and research activities. “We plan to strengthen our cyber response capabilities to a world-class level by increasing the number of our staff sent to the centre and expanding the scope of joint training,” the NIS said, as...

The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks. The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 2.3.0.0 release. Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one...

New research from the email security firm Inky has revealed that more than 1000 emails were sent from NHS inboxes over a six month period. The firm has claimed that the campaign, beginning October 2021, escalated "dramatically" in March of this year. After the findings were reported to the NHS on April 13, Inky reported that the volume of attacks fell significantly to just a "few". “The majority were fake new document notifications with malicious links...

The National Cyber Security Centre (NCSC), working alongside the Institute of Engineering and Technology (IET) and the UK's Centre for the Protection of National Infrastructure (CPNI), has developed new document providing best practices for those involved in the design, management, operation and security of building-related systems. The Code of Practice: Cyber Security in the Built Environment focuses on the security principles stakeholders should apply to a range of technologies in the built environment. “A building being...